Blog

15 Jul 2019

We have released the first version of SQLite Examiner, a free tool for viewing SQLite databases. SQLite Examiner includes standard features such as viewing data per table and writing custom SQL queries. It also includes a number of features for analysing Binary Large Objects (BLOB) stored within SQLite databases.

17 Jun 2019

Both Chrome and Firefox offer the ability to sync various browser data between multiple devices by signing in with a Google or Firefox account. This data includes autofill, bookmarks, extensions, passwords, preferences, open tabs and website visits. This post will focus on syncing website visits between devices and the impact this has on an investigation involving browser history.

09 May 2019

Like most web browsers Firefox includes a Session Restore feature allowing your currently open windows and tabs to be restored in the event of a forced-restart or crash. All session data is stored in a compressed file format referred to as MOZLZ4 or JSONLZ4. The file format is standard LZ4 data with a custom header. We have recently updated BHE to automatically extract session data from the sessionstore.jsonlz4 file and any files within the sessionstore-backups folder.

16 Oct 2018

Web pages that are viewed using the Edge browser are visible within Windows Timeline. Our testing has shown that browser activity remains in Timeline even when the Edge browser history has been cleared. Therefore, Timeline could be a useful source of data for browser forensics, as it can potentially provide easy access to deleted browser history.